Security Analyst

Join Goodwin's Global Operations Team, and make a real impact on a global scale.
At Goodwin, we work with some of the world's most successful and innovative investors, entrepreneurs and disruptors in the life sciences, private equity, real estate, technology and financial industries, and where they converge. As part of the Global Operations Team – all business professionals at the firm – you'll collaborate with colleagues from varied backgrounds and experiences, fostering an environment where cross-functional learning, networking, and collaboration are at the core of what we do.

Here, we're not just supporting a law firm; we're partnering with attorneys and clients to deliver cutting-edge solutions
in high-stakes litigation and dispute resolution, world-class regulatory compliance and advisory services, and complex transactions. Our commitment to integrity, ingenuity, agility, and ambition drives us, and we're proud to have been recognised as the "Best Business Team" by The American Lawyer.

This is your opportunity to grow professionally in a dynamic, global environment, surrounded by forward-thinking peers.

Working with the Director, Information Security, this position is responsible for the operation, implementation, management, auditing and reporting, and engineering support of Goodwin's network and information security systems infrastructure. Assists with security automation, threat detection engineering, risk assessments, vulnerability management, incident response, and disaster recovery testing. Provides internal consulting to project owners and technical resources to ensure the confidentiality, integrity and availability of firm data and systems. Reviews, tests and implements new security technology platforms. Advocates information security practices to all firm members.

What You Will Do

• Identify new threats to IT systems and create rules to identify, prevent and remediate.
• Expand security auditing and ensuring the proper ongoing operations of security tools
• Providing internal information security consulting for other business and IT projects. This includes identifying, documenting and implementing secure configurations and architectures.
• Assist with the creation and maintenance of security policies, standards, guidelines and other documentation for IT and business audiences.
• Responsible for security metrics on a monthly basis to ensure the proper service levels are maintained.
• Support incident response lifecycle including identification, triage, remediation and communications for security breaches and malware infections.
• Identify latest security vulnerabilities, malware, breaches, and industry news which could affect the firm
• Maintains vulnerability management process including identification, rating, remediation and monitoring.
• Provides additional coverage for approvals and notifications to other IT groups for critical time sensitive operations including firewall changes, password reset approvals, and application vetting.
• Assist with automation of security processes, integration of security platforms, and creation of tools.
• Ongoing reviews of access controls by investigating improper access; revoking access; reporting violations; monitoring requests; recommending improvements
• Provides technical leadership for incident response capabilities including malware analysis, breach investigation, and remediation efforts.
• Creation of internal training materials and other items to support the advancement of information security within the firm.
• Maintains awareness of industry trends and their advantages with the ability to make recommendations for improving technology used by the firm.
• Participates in and/or manages cross-functional team projects to implement new or updated technology.
• Cross-trains other IT staff in security best practices, the use or maintenance of technology.
• Effectively manages small projects.
• Displays professionalism, quality service and a "can do" attitude to internal members/departments of the Firm as well as external clients and vendors via electronic and print correspondence, over the telephone and in-person.
• Provides information security knowledge